Hi,

When /tmp has noexec, Knox OS auth throws an error:

[lianjia@prod1-namenode knox-server]$ sudo bin/knoxcli.sh user-auth-test --cluster ui --u guest --p "{PASSWORD}" --d
org.apache.shiro.authc.AuthenticationException: Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - guest, rememberMe=false].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).
/tmp/jna-3506402/jna4211705767471308463.tmp: /tmp/jna-3506402/jna4211705767471308463.tmp: failed to map segment from shared object: Operation not permitted
org.apache.shiro.authc.AuthenticationException: Authentication failed for token submission [org.apache.shiro.authc.UsernamePasswordToken - guest, rememberMe=false].  Possible unexpected error? (Typical or expected login exceptions should extend from AuthenticationException).
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:214)
    at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106)
    at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:270)
    at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:256)
    at org.apache.hadoop.gateway.util.KnoxCLI$LDAPCommand.authenticateUser(KnoxCLI.java:1171)
    at org.apache.hadoop.gateway.util.KnoxCLI$LDAPCommand.authenticateUser(KnoxCLI.java:1206)
    at org.apache.hadoop.gateway.util.KnoxCLI$LDAPAuthCommand.execute(KnoxCLI.java:1502)
    at org.apache.hadoop.gateway.util.KnoxCLI.run(KnoxCLI.java:143)
    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76)
    at org.apache.hadoop.gateway.util.KnoxCLI.main(KnoxCLI.java:1777)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
    at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
    at org.apache.hadoop.gateway.launcher.Command.run(Command.java:99)
    at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
    at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
Caused by: java.lang.UnsatisfiedLinkError: /tmp/jna-3506402/jna4211705767471308463.tmp: /tmp/jna-3506402/jna4211705767471308463.tmp: failed to map segment from shared object: Operation not permitted
    at java.lang.ClassLoader$NativeLibrary.load(Native Method)
    at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1824)
    at java.lang.Runtime.load0(Runtime.java:809)
    at java.lang.System.load(System.java:1086)
    at com.sun.jna.Native.loadNativeDispatchLibraryFromClasspath(Native.java:761)
    at com.sun.jna.Native.loadNativeDispatchLibrary(Native.java:736)
    at com.sun.jna.Native.<clinit>(Native.java:131)
    at com.sun.jna.Pointer.<clinit>(Pointer.java:41)
    at com.sun.jna.Structure.<clinit>(Structure.java:1949)
    at org.jvnet.libpam.PAM.<init>(PAM.java:73)
    at org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(KnoxPamRealm.java:135)
    at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:568)
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doSingleRealmAuthentication(ModularRealmAuthenticator.java:180)
    at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:267)
    at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198)
    ... 18 more
ERR: Unable to authenticate user: guest

Setting "-Djava.io.tmpdir={other_tmp_folder} -Djna.tmpdir={other_tmp_folder}"
in gateway.sh did not help.

I cannot remove noexec for /tmp since it is required for our production.
Any idea how to solve this issue? Thanks!
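
Added example, not part of the original message and not Knox or JNA code: JNA unpacks its native library into its temp directory and then maps it as executable, so a replacement directory only helps if its own filesystem is not mounted noexec. The sketch below checks that from a /proc/mounts-format table; the sample table and the /opt/knox/tmp path are constructed for illustration, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the poster's host).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sdb1 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdc1 /opt ext4 rw,relatime 0 0
EOF
}

# Print the mount options of the filesystem holding directory $1.
# Reads a /proc/mounts-format table on stdin. The longest matching mount
# point wins; on a tie the later entry wins, since it is mounted on top.
# The body runs in a subshell so its variables stay local.
mount_opts_for() (
    dir=${1%/}
    best=""
    best_opts=""
    while read -r dev mnt fstype opts rest; do
        case "$dir/" in
            "${mnt%/}/"*)
                if [ "${#mnt}" -ge "${#best}" ]; then
                    best=$mnt
                    best_opts=$opts
                fi ;;
        esac
    done
    printf '%s\n' "$best_opts"
)

# Succeed (exit 0) when directory $1 sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$1")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo over the constructed table: candidate temp directories for JNA.
for d in /tmp/jna-3506402 /var/tmp /opt/knox/tmp; do
    if sample_mounts | is_noexec "$d"; then
        echo "$d: noexec mount, native library load will fail here"
    else
        echo "$d: exec allowed"
    fi
done
```

On a real host, feed the live table instead of the sample, for example `is_noexec /var/tmp < /proc/mounts`.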
